SandboxEscaper, a security researcher has identified three Windows 10 zero-day exploits and has consented to release four more exploit codes for later.
The bug-hunter published the exploit codes on GitHub concerning Windows 10. The bug has affected Windows Task Scheduler process. The zero-day exploit hack has been confirmed to work on Windows 10 32-bit and 64-bit operating systems.
Here’s a demo on how zero-day exploit works
Researcher also released a demo video of the LPE zero-day in action. See below: pic.twitter.com/ZX8XWLQ74z
— Catalin Cimpanu (@campuscodi) May 22, 2019
The bug can be exploitable by importing files into the Task Scheduler and by running a command using executables ‘schtasks.exe’ and ‘schedsvc.dll’.
More Windows Zero-Day Exploits to Come
The researcher, SandboxEscaper, is well known for her exploits. In her blog, she announced the release of the bugs and wrote
Uploaded the remaining bugs.
burning bridges. I just hate this world.
ps: that last windows error reporting bug was apparently patched this month. Other 4 bugs on GitHub are still 0 days. have fun.
A silver lining is that the bugs are of low-impact in nature, meaning hackers will have a hard time exploiting these bugs in their favor.
This is not the first time that a Windows 10 update has been plagued by a number of bugs and flaws. The company even had to roll back some of its previous updates.
It looks SandboxEscaper wants to sell the exploits to non-western buyers. The price quoted on each LPE bug is 60,000(Dollar or Euro). She also said
“I don’t owe society a single thing. Just want to get rich and give you fu*ktards in the west the middle-f*nger.”
Microsoft is yet to comment on this fresh issue but we do expect them to release some sort of fix anytime soon.